ICS Penetration Testing
RT431
Description
The ICS Penetration Testing program was built primarily for the security industry and is meant to equip participants with advanced techniques in information warfare. Energy, telecommunications, transportation, healthcare, and many other such industries are regarded as critical infrastructure for the continued functioning of the state. SCADA (Supervisory Control and Data Acquisition) systems are considered the “weak link” in the defense chain, for reasons you will discover throughout the training.
This training covers possible attack methods used by hostile entities and the security challenges that naturally follow. Cyberwarfare is one of the most fascinating and advanced disciplines in the cyber security world.
How to make the most of this course?
In order to succeed in the course, the following requirements must be met:
- Participation in all practical laboratories
- Self-work at home between lessons
- Repetition of materials, self-learning, performing tasks, etc.
In addition to regular classroom studies, the participant is required to practice at least 10 hours a week in order to gain practical experience in the field.
The participant will also need a good personal computer suitable for running virtual machines, with a broadband Internet connection.
Target audience
- Operations Technology Engineering and Support teams
- Incident responders
- Cyber forensics investigators
Objectives
- Various aspects of cyber-warfare on the defensive side
- Expand ICS knowledge in both methodologies and required techniques
Pre-requisites
- ThinkCyber Level-2 Courses
Syllabus
Description
During this module, participants will learn cybersecurity in the environment of Industrial Control Systems. Participants will learn how a control system can be attacked from the internet and perform hands-on practice sessions on network discovery techniques.
Technical content
- IT vs. OT
- Types of ICS Systems
  - DCS vs. SCADA
- SCADA components
  - Human Machine Interface (HMI)
  - Supervisory System
  - Remote Terminal Units (RTUs)
  - Programmable Logic Controllers (PLCs)
- ICS security overview
  - Basic Security Concepts
  - Physical Security
  - Digital Security
  - ICS Lifecycle Challenges
- ICS Network Architectures
- Known ICS Protocols
  - Modbus
  - DNP3
  - How to Approach Protocol Research
  - ICS Protocol Fuzzing
Description
During this module, participants will be trained in network discovery using Metasploit and will practice in hands-on Red Team exercises. In this module, we will cover the ways an attacker can target the SCADA environment. Participants will develop a broader understanding of where these specific attack vectors exist, as well as the tools that are used to discover vulnerabilities.
Technical content
- Security in ICS
  - Encryption
  - Firewalls with ICS
  - DMZ Approach
  - Access Control
  - Intrusion Detection (IDS)
- Web Application Attacks
  - Brute Force
  - Extracting Data
  - SQL Injection
- ICS Exploitation using Metasploit
  - Metasploit modules for SCADA
  - Exploit with Metasploit
  - Control with Metasploit
- ICS Attack Tools
  - Modscan
  - SMOD
- Network attacks
  - Flooding
  - MiTM
  - Denial of Service (DoS)
  - Jamming
  - Wi-Fi Security Issues
- Attacks on HMI
  - ICS Security Framework
  - Brute Force
Description
In this module, we will present to participants ways to plan, design, and implement an effective program to protect SCADA systems using penetration testing methods. Participants will learn to conduct these tests in the “Test-environment” using advanced techniques.
Technical content
- Preparing for Penetration Testing
  - Setting up a Virtual Machine for Penetration Testing
  - Creating your VM Network
  - Architectures Overview
- Testing your Network
  - Gathering Information Passively
  - Port Scanning
  - System Fingerprinting
  - Password Complexity Testing
  - Administrator Privilege Escalation Testing
- Testing for Vulnerabilities on Master Servers
  - Checking for Vulnerabilities
  - Analyzing Services and Ports
  - Analyzing Communications
- Testing for Vulnerabilities on User Interfaces
  - Web Applications
    - Identifying Attacks
    - Exploiting Vulnerabilities
    - PHP Vulnerabilities
  - Terminal Interfaces
  - Traditional Applications
- Testing for Vulnerabilities on Network Protocols
  - Breaking Open Network Protocols
  - Protocol Analysis
  - Using Network-Based Signatures
  - Radio Frequency Capture
  - Sniffing Network Traffic
  - Extracting Network Traffic
- Testing for Vulnerabilities in Embedded Devices
  - Firmware Fuzzing
  - Analyzing the Firmware
  - Exploiting Firmware Vulnerabilities
- Security Assessment
- Writing a Penetration Testing Report
Labs
- Lab 1 Modbus and DNP3
- Lab 2 ICS with Metasploit
- Lab 3 ICS Protocols
- Lab 4 Using Shodan to Attack
- Lab 5 ICS Network Traffic
- Lab 6 ICS Frameworks
- Lab 7 Creating Zero-Days
- Lab 8 Writing a Penetration Testing Report
Real case studies
Course type
This course is delivered in the following ways:
- Virtual classroom with proctored labs and scenarios executed in our Cyberium Arena
- In situ classroom with proctored labs and scenarios executed in our Cyberium Arena
All sessions are recorded and attendees can replay them for 30 days. All course material is made available to the participant electronically.
Course Group: FOUNDATION
Hands-on / Theory Mix
This course incorporates a high proportion of hands-on lab exercises, as well as real-life case studies.
Certification
This course prepares the participant for the following certifications:
- CSSA (INFOSEC)
- GICSP (SANS)
Required Equipment
Network connection
As this course makes extensive use of a cloud-based Learning Management System, including a lab arena, attendees need a stable broadband connection to the Internet.
BYOD – Bring Your Own Device
As this is a very practical course, and in order for participants to make the most of it, they need a laptop with the following capabilities:
- Audio and video
- 8 GB RAM
- 200 GB disk space
- Virtualization capabilities (supporting the latest version of VirtualBox or a similar virtual machine application)
- A good headset with microphone